Data protection and outsourcing industry - A study

Nov 02, 2011

By Kumar Mihir

“Scientia Potenti Est- Knowledge is power”. The said maxim is apt to describe the primary business model in the 21st century when information is the key to success. With the world outsourcing its essential services to India, there is a growing clamour to ensure protection of the data and other sensitive information passed on and handled by the Indian outsourcing industry. In the factual background of India having emerged as the outsourcing hub it is more appropriate to evaluate the legal regime for protection of data. As the outsourcing industry is primarily data driven, effective legal provisions for protection of the same are required. India, however, does not have a dedicated statute for the protection of data like the Data Protection Act, 1998 of the United Kingdom and only a few provisions of the Information Technology Act, 2000 deal with protection of data in India.

International obligations

Article 39 of the Trade-Related Aspects of Intellectual Property Rights (TRIPS) enjoins the members to make laws to protect data/ information. India, though being a member of WTO, does not have a separate Data Protection Law. The only statute governing the field has been the Information Technology Act, 2000 which has been enacted to give effect to the resolution A/RES/ 51/162 dated 30th January 1997 passed by the General Assembly of United Nations whereby it adopted the Model Law on Electronic Commerce prepared by the United Nations Commission on International Trade Law (UNCITRAL).

Statutory regime & outsourcing industry

The Information Technology Act, 2000 (‘the Act’ for short) came into force on 17-10-2000 vide G.S.R No. 788(E) dated 17-10-2000 and for the first time, legal definition of “Computer”, “Data”, “electronic record”, “Information” et al was provided. The said Act gave a legal recognition to the electronic records and digital signatures and in Section 43 thereof provided for damages not exceeding Rs. 1 crore in case of unauthorised access, download or copying or damage to data etc. Chapter IX of the Act provided for penalty and adjudication and Chapter XI (Sections 63 to 78) provided for criminal liability in cases of tampering, hacking, publishing or transmitting obscene material, misrepresentation etc.